Researcher discloses three iOS zero-days, still exploitable in iOS 15, and criticizes Apple for ignoring them
2 min read
In a blog post, the researcher says they first sent a report of four vulnerabilities to the Apple Security Bounty program on April 29. Apple addressed one...
In brief: An anonymous researcher disclosed three zero-day vulnerabilities for iOS this week, claiming Apple's latest iOS15 update is still vulnerable to them. The researcher criticized Apple for ignoring warnings about the vulnerabilities, saying they first disclosed them to Apple in April. The vulnerabilities could be used to expose Apple IDs, real names, Wi-Fi information, and more.

of the vulnerabilities in iOS 14.7 in June, but didn't mention it in the security notes for that update. The researcher says Apple still hasn't mentioned it in subsequent security notes, addressed the other three vulnerabilities, or given them credit for discovering the vulnerabilities.

The researcher warned Apple on September 13 that they would make their research public if it did not address the remaining…
Daniel Sims
Read full article